Heartbleed Patch Status Update

Heartbleed 101

The security team at codeREADr immediately assessed April 7th’s disclosure of CVE-2014-0160, also known as Heartbleed. As you may know, this is a critical vulnerability in OpenSSL that can compromise the secret keys used for SSL encryption. Jose Andrade at Engadget.com explains why the “Heartbleed patch” is necessary.

“The problem affects a piece of software called OpenSSL, used for security on popular web servers. With OpenSSL, websites can provide encrypted information to visitors, so the data transferred (including usernames, passwords and cookies) cannot be seen by others while it goes from your computer to the website.”

What You Need to Know about the Heartbleed Patch

We at codeREADr use OpenSSL. Therefore, we were potentially vulnerable. However, we have not discovered or been informed of any intrusions or unauthorized use of our systems.

After an immediate patch to our OpenSSL libraries on April 8th at 5:00 am EST (GMT -4:00), we implemented the remaining precautions to ensure security. As of April 11th at 9:00 am EST (GMT -4:00), all necessary steps have been completed to remove this vulnerability. Here’s what we did:

Action Items

Should you want to change your codeREADr API key, please look here. If you’ve integrated your services with codeREADr’s API, then before you change your API key you should coordinate with your developer.